Computer Crime Research Center


Computer fraud survey

Date: January 30, 2007

RSA, The Security Division of EMC, released the findings of its fourth annual Financial Institution Consumer Online Fraud Survey. Conducted in December 2006, the online survey asked 1,678 adults from eight countries around the world for their opinions on evolving fraud threats such as phishing, vishing and keylogging, and on the efforts of their financial institutions to strengthen remote channel banking authentication.

Key results of the survey include:

* 91% of account-holders answered that they are willing to start using a new authentication method, beyond the standard 'username-and-password', if their banks decided to offer stronger security
* 73% commented that they would like their financial institution to use risk-based authentication
* 69% of account-holders believe that financial institutions should replace username-and-password log-in with stronger authentication for online banking
* 58% of account-holders believe that financial institutions should deploy stronger authentication for telephone banking
* 82% of account-holders would like their banks to monitor online banking sessions and telephone banking sessions for signs of irregular activity or behavior – similar to the way that credit card transactions are monitored today
* While many financial institutions have begun moves to deploy stronger authentication over the past year, only 39% of account-holders are aware of it
* Less than 70% of respondents in the UK (69%) and in Australia (65%) claimed to be familiar with the term "phishing" – compared to 83% in the US

In addition, trust in the online channel continues to erode: 82% of account-holders are less likely to respond to an e-mail from their bank due to scams including phishing – up from 79% in 2005 and 70% in 2004 – and more than half said that they would be less likely to sign up for or use online banking as a result. Furthermore, 44% of account-holders reported that they have become increasingly concerned about other types of attacks (besides phishing), such as Trojans and keyloggers, over the past six months.

When asked for their views on online banking authentication, 69% of respondents answered that they feel banks should use something stronger than basic and static usernames-and-passwords; more than half (58%) want banks to ramp up telephone banking authentication as well. Moreover, 91% of account-holders responded that they would be willing to start using a new authentication method, beyond the standard username-and-password, if their bank decided to offer stronger security: 43% said they would be "very willing and would proactively sign up for the service," and another 48% said they were "somewhat willing and would sign-up if they had the time and it was a simple process."

... but opinions vary when it comes to the preferred method of authentication

When presented with several authentication options, including hardware tokens, personalized images, and risk-based authentication, the majority of respondents (73%) commented that they would like their financial institution to use risk-based authentication. Risk-based authentication involves a behind-the-scenes assessment of the user's identity based on factors including log-on location, IP address and transaction behavior – which can be supplemented with out-of-band phone calls or secret questions for transactions that are deemed high-risk. Risk-based authentication is designed to provide strong security with minimal impact on the user experience – a concept that resonated extremely well with the survey respondents.
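
The risk-based flow described above can be sketched in a few lines of Python. This is an added example, not code from RSA or from the survey; the profile fields, weights, thresholds and sample data are illustrative assumptions.

```python
import ipaddress
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass
class Profile:
    """Per-customer history the bank already holds (fields are assumptions)."""
    countries: set   # countries of earlier log-ons
    networks: list   # ipaddress networks of earlier log-ons
    amounts: list    # earlier transaction amounts

def risk_score(profile, country, ip, amount):
    """Score one request on the three factors named in the article.
    All weights and thresholds here are illustrative assumptions."""
    score, reasons = 0, []
    if country not in profile.countries:
        score += 40
        reasons.append("new log-on location")
    addr = ipaddress.ip_address(ip)
    if not any(addr in net for net in profile.networks):
        score += 25
        reasons.append("unfamiliar IP address")
    if len(profile.amounts) < 3:
        score += 10  # too little history to judge the amount
        reasons.append("sparse transaction history")
    else:
        limit = mean(profile.amounts) + 3 * max(pstdev(profile.amounts), 1.0)
        if amount > limit:
            score += 35
            reasons.append("unusual transaction amount")
    return score, reasons

def assess(profile, country, ip, amount):
    """Map the score to a silent allow or a step-up challenge."""
    score, reasons = risk_score(profile, country, ip, amount)
    if score >= 60:
        action = "out_of_band_call"
    elif score >= 25:
        action = "secret_question"
    else:
        action = "allow"
    return action, score, reasons

# Constructed sample data (documentation IP ranges, invented amounts).
ALICE = Profile({"GB"}, [ipaddress.ip_network("198.51.100.0/24")],
                [120.0, 80.0, 150.0, 95.0])

if __name__ == "__main__":
    for req in [("GB", "198.51.100.23", 110.0), ("GB", "203.0.113.9", 100.0),
                ("AU", "203.0.113.9", 5000.0)]:
        print(req, "->", assess(ALICE, *req))
```

A familiar request passes with no visible challenge, which is the "minimal impact on the user experience" property; only the requests that deviate from the profile trigger a secret question or an out-of-band call.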